Site Navigation

Date:      Tue, 20 Jun 2017 15:41:17 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Vladimir Terziev <vterziev@gvcgroup.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: The Stack Clash vulnerability
Message-ID:  <20170620194117.45yggu3qvfidtybo@mutt-hbsd>
In-Reply-To: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>
References:  <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote:
> Hi,
> 
> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
> 
> Just in case here is the analyses document of Qualys:
> 
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

As a follow-up, Stack Clash should now be mitigated in HardenedBSD:

https://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAllJelsACgkQaoRlj1JF
bu6uDg/9G2g12odIKpsFi7SW3WLocpL2Qf9ArM0qWxb8cG81rv+w4v8uli2UPMue
c38V4Gq5hpQfXIF0TCE1nr35uWFoGTqjz6bsVBFvEytnPzOhGF3NdBPeL9kJDdae
2XTt1r6fDrlGGLPg7vBWCYkrK+0/XuDV2e7Nq8NjfJn2rk1Yi9TXOLdG0ILs7xaV
ptmWtdXWXIRR0kW2RiE3BJNs79KITs1y0fCBc1WJfPZGcHjZW7cvMxE3z+OOnr4k
GvCbfi7NCi/oTOPbQ8L8rBbCNCicXOqHfbRa7WJCs5L7IyCIHaQ6uHyMdBeavD5A
ce7QF7z9+WFLD7EUldnJR3I6t0fLDfGpnDj5ulsus9Xsqif0Ec8LtK3UzXHbP20t
7PpDTpDrwhhW/s6XpTXugC12gLpluctcSztzNcwbGUpTtCnyYQoQ5cvVSad8ggoz
9xWTvNXijenkcc/IQzeiV0fEuB1eP2Dh4QG/YuNhi5LNbg5ZLB3zSElddFSF0KL3
RUuS3KGg8T8fc0/qgRTf5CeNJggNNPN1LSVro7irgAhc+o979q+HJQIc4zqYcQVm
mhxNdB0DBAusdVOCJp4zKMaTgTFQzR1yiYZpMJrw5fjej5KupcfrY1sbSANdqAY4
tE3CG9wVbAjB0hipNihUZtpDwFbbUg5+aB5WDfDoGUg27wI1tTM=
=XTy7
-----END PGP SIGNATURE-----

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170620194117.45yggu3qvfidtybo>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact